191 matches found
Security Advisory - Local Privilege Escalation Vulnerability in Huawei OSD Product
There is a local privilege escalation vulnerability in Huawei OSD product. An authenticated, local attacker can constructs a specific file path to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Vulnerability ID: HWPSIRT-2020-02153 This...
CVE-2019-20431
In the Lustre file system before 2.12.3, the ptlrpc module has an osdmapremotetolocal out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osdbufsget in the osdldiskfs module does not validate a certain length value...
SUSE SLED15 / SLES15 Security Update : ceph, ceph-iscsi, ses-manual_en (SUSE-SU-2019:2736-1)
This update for ceph, ceph-iscsi and ses-manualen fixes the following issues : Security issues fixed : CVE-2019-10222: Fixed RGW crash caused by unauthenticated clients. bsc1145093 Non-security issues-fixed: ceph-volume: prints errors to stdout with --format json bsc1132767 mgr/dashboard: Changin...
SUSE-SU-2019:2736-1 Security update for ceph, ceph-iscsi, ses-manual_en
This update for ceph, ceph-iscsi and ses-manualen fixes the following issues: Security issues fixed: - CVE-2019-10222: Fixed RGW crash caused by unauthenticated clients. bsc1145093 Non-security issues-fixed: - ceph-volume: prints errors to stdout with --format json bsc1132767 - mgr/dashboard:...
SUSE SLED15 / SLES15 Security Update : ceph (SUSE-SU-2019:2049-1)
This update for ceph fixes the following issues : Security issues fixed : CVE-2019-3821: civetweb: fix file descriptor leak bsc1125080 CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth bsc1121567 Non-security issues fixed: install grafana dashboards world readable...
SUSE-SU-2019:2049-1 Security update for ceph
This update for ceph fixes the following issues: Security issues fixed: - CVE-2019-3821: civetweb: fix file descriptor leak bsc1125080 - CVE-2018-16889: rgw: sanitize customer encryption keys from log output in v4 auth bsc1121567 Non-security issues fixed: - install grafana dashboards world...
openSUSE Security Update : ceph (openSUSE-2019-1284)
This update for ceph version 13.2.4 fixes the following issues : Security issues fixed : - CVE-2018-14662: Fixed an issue with LUKS 'config-key' safety bsc1111177 - CVE-2018-10861: Fixed an authorization bypass on OSD pool ops in ceph-mon bsc1099162 - CVE-2018-1128: Fixed signature check bypass i...
Security update for ceph (moderate)
openSUSE Security Update: Security update for ceph Announcement ID: openSUSE-SU-2019:1284-1 Rating: moderate References: 1084645 1086613 1096748 1099162 1101262 1111177 1114567 1114710 Cross-References: CVE-2018-10861 CVE-2018-1128 CVE-2018-1129 CVE-2018-14662 CVE-2018-16846 Affected Products:...
SUSE-SU-2018:2193-1 Security update for ceph
This update for ceph fixes the following issues: - Update to version 12.2.7-420-gc0ef85b854: https://ceph.com/releases/12-2-7-luminous-released/ luminous: osd: eternal stuck PG in 'unfoundrecovery' bsc1094932 bluestore: db.slow used when db is not full bsc1092874 CVE-2018-10861: Ensure that...
openSUSE Security Update : cinnamon (openSUSE-2018-767)
This update for cinnamon fixes the following issues : Security issue fixed : - CVE-2018-13054: Fix symlink attack vulnerability boo1083067. Bug fixes : - Update to version 3.4.6 changes since 3.4.4 : - osdWindow.js: Always check the theme node on first showing - an actor's width isn't necessarily...
RHEL 7 : Red Hat Ceph Storage 2.5 (RHSA-2018:2261)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2261 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system...
ceph: ceph-mon does not perform authorization on OSD pool ops
A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete and corrupt snapshot images...
ceph: ceph-mon does not perform authorization on OSD pool ops
A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete and corrupt snapshot images...
RHEL 7 : Red Hat Ceph Storage 3.0 (RHSA-2018:2177)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2177 advisory. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system...
SUSE-SU-2018:1576-1 Security update for ceph
This update for ceph to 12.2.5-407-g5e7ea8cf03 fixes the following issues: Security issue fixed: - CVE-2018-7262: The rgwcivetweb.cc RGWCivetWeb::initenv function in radosgw doesn't handle malformed HTTP headers properly, allowing for denial of service. rgw: make init env methods return an error...
SUSE-SU-2018:1417-1 Security update for ceph
This update for ceph fixes the following issues: Security issues fixed: - CVE-2018-7262: rgw: malformed http headers can crash rgw bsc1081379. - CVE-2017-16818: User reachable asserts allow for DoS bsc1063014. Bug fixes: - bsc1061461: OSDs keep generating coredumps after adding new OSD node to...
SUSE-SU-2017:0758-1 Security update for ceph
This update provides Ceph 10.2.5, which brings fixes and enhancements: This security issue was fixed: - CVE-2016-8626: Handle empty POST condition to not allow attackers to crash the ceph-radosgw service. bsc1007217 These non-security issues were fixed: - OSD daemon uses 100% CPU load after OSD...
RHEL 7 : ansible (RHSA-2017:0515)
An update for ansible and ceph-ansible is now available for Red Hat Storage Console 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
SUSE SLED12 / SLES12 Security Update : ceph (SUSE-SU-2017:0367-1)
This update for ceph fixes the following issues : - CVE-2016-5009: moncommand with empty prefix could crash monitor bsc987144 - Invalid commandd in SOC7 with ceph bsc1008894 - Performance fix was missing in SES4 bsc1005179 - ceph build problems on ppc64le bsc982141 - ceph make build unit test...
openSUSE Security Update : ceph (openSUSE-2016-1500)
ceph was updated to version 10.2.4 and fixes the following issues : - A moncommand with empty prefix could crash the monitor boo987144, CVE-2016-5009 - Detect crc32 extension support from assembler on AArch64 boo999688 - Failing file operations on kernel based cephfs mount point could leave...